05b028d17fa27404b72ee1778e3c5062e179d92486aaf9798019cc750592660c

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

100KB
MD5

6244a184ac37dd1a0fc9c96eccf6b2d4
SHA1

5ec9d63415d86668228386fab9583e61f298ed12
SHA256

05b028d17fa27404b72ee1778e3c5062e179d92486aaf9798019cc750592660c
SHA512

0e4ebaf030d9a0f0f2693b62f07c8804bcf76252cf90fb96547f9006ccf753295a9b52533d4135828ad4a9aecd2bd1259b4b4a3d9391e4766c36770c8a2ec20a
SSDEEP

1536:Z1apCNQsrY/YnIIsYY4CSicEwvL5dDcQbtQFivadWLSQ2JX9nvrpQ4HEKN1ZQrVl:Zk8NQsrsYxcQQX7EKN1ZQrVVoJufe4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529298475535635"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 1324	4432	chrome.exe	17
PID 4432 wrote to memory of 1324	4432	chrome.exe	17
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 1892	4432	chrome.exe	87
PID 4432 wrote to memory of 2416	4432	chrome.exe	85
PID 4432 wrote to memory of 2416	4432	chrome.exe	85
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86
PID 4432 wrote to memory of 3348	4432	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe6a8a9758,0x7ffe6a8a9768,0x7ffe6a8a9778
1⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 --field-trial-handle=1860,i,14589836184715094364,15361069907796007742,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a2286dad013ba6a2866c17f265e7b3d9

SHA1
7db5cf2d304e6ad754831e679413eacfb1a49fde

SHA256
4b22dcdd8c68471a7b993594071a3d75963556193cf0f6c7a71f0973d57e5da5

SHA512
6ea69a22db548107cfd95079595eaa4a2586c999367a4b0ff829080ffeb9055de8409bf54aaa084c62098ce4a127ed5b5581070dab8a81b2abc1b1c0d9a19b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5bb44241905501f75ad2bf73473e1283

SHA1
c2376b4d4674fdd58ee6b6fa0df1c2ca9c8a594a

SHA256
f81ba326b599164e10c01587139b581a7c86eefa1d2792b5132786a0a1db659f

SHA512
dd724c7ac2f823f5ac7f6f5939d5429d4cde532b6abea931f315c1db60950d70ee5727a41ba41b13fba86cf45b8e391ea34cf5e535b4e1794b66e7f32cf70202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
943344602ce8b9de4f3a329a9cf056af

SHA1
cc724c0db10145fcad093b8a4a6e1ef4d24c6bfe

SHA256
fabd4e68f942d072f27558859acb3c3540157ccdfa7812627f711a338fb240d2

SHA512
eafc321adf4d4504ebf73775179066e0de0156697bd27f79d7325d8a6a4ddb1863fdf02d8469b9760df0c55425340e59319cb320a60fc3f2b5d2462210497541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
33e58f69fc5275d85d48b6fd7c987e50

SHA1
da882a862c8b60286c9be55c6fde9cc339f85fc0

SHA256
93e9af8711f3943007001d37bef8c04e139b7325efdd2f3f28da2f54f08738c2

SHA512
78a84c53fb2dd5b1282f09ea5366e384bdfb5d671d3f7e0e8fddc40eaecac56f82486ce222c1fe6d08b9484b67bedf7382f66e56f6d4b28ad265604f8c1f4eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
989c92ff88826ef9949aac6d36a1edb5

SHA1
bcadb5b343ff18efbc2cdd140a4f1da30d42d82d

SHA256
77c173b931ed70395aeca8a66fa6e2fc08bdbcaa94c01e2ae0e73048bf60cbac

SHA512
0ef88d07fa55cab9394a1495451873100e5e4af0628317b09cd75aa7836bd859b43babda8623c8730116afaf2f7e465113f7117401451362ff950291f4afa4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d10a20096c22a0b45f6bb61af5ffd83e

SHA1
de4c31e222aadc1f1b2d708f7f10301e0169b800

SHA256
cd4faca93ebedf630d463ab08b3649e71398e20ead1d79cf4bf5a3a23b4ade5a

SHA512
ba0de278a452ea895882220483d02c40fff75fb1b0345563e9744b6721fb47626d01c036efc7140b52c2986c2e6f8a842fee84415bf5061357ddd0155068617d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit